JP2002268947A - Encryption memory device and lsi device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To keep secret of data even when an unauthorized read processing is performed to it. SOLUTION: In the case of a normal read processing, a security control part 20 holds a decryption key transmitted preceding to the read processing, when the read processing of encrypted data is performed from a memory area 13, a decrypting part 30 decrypts the encrypted data based on the decryption key held by the security control part 20 and outputs an obtained decryption result. In the case of the unauthorized read processing, on the other hand, no such decryption is performed and the decrypted data in the memory area 13 is outputted as it is.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encryption memory device and an LSI (large-scale
integrated circuit) device.

[0002]

2. Description of the Related Art In general, most electronic products which have some kind of internal control are equipped with semiconductor devices such as a CPU, a memory (hereinafter also referred to as a memory device) and / or an LSI (hereinafter also referred to as an LSI device). I have.

[0003] Some of such semiconductor devices are combined to form a computer system or to form an LSI device. FIG. 11 is a schematic diagram showing a main part configuration of a general LSI device, and FIG. 12 is a schematic diagram specifically showing a configuration of a memory device in FIG. In this description, an LSI device in which the memory device 10 and the CPU 1 are integrated in the same chip will be described as a representative example. However, the present invention is not limited to the LSI device. It also includes a description of the computer system connected as a chip.

As shown in FIGS. 11 and 12, the CPU 1
Is connected to the memory device 10 via n + 1 address buses 2, m + 1 data buses 3, and a plurality of control buses (chip select line cs, write control line wr, and read control line read) 4 individually. And each bus 2-4
And has a function of reading / writing data from / to the memory device 10 through the CPU and a normal program processing function.

The memory device 10 has a read / write RA.
Although M is illustrated, a read-only ROM may be used, and includes a control unit 11, an address decoder (row decoder) 12, and a memory area 13 as illustrated. In the memory area 13, a column selector 15, a sense amplifier 16, and a write buffer 17 are sequentially connected to the memory cells 14 arranged in a matrix as needed. Note that the memory cells 14 are provided in an arbitrary number of rows (rows) and columns (columns) according to storage capacity. In this specification, the number of rows is arbitrary, but the number of columns is m + 1. I have.

The control section 11 has a function of transmitting address data to the row decoder 12 based on address data on the address bus 2 and command data on the control bus 4, a function of selecting a column selector 15,
It has a function of activating the sense amplifier 16 and the write buffer 17.

The row decoder 12 includes a control unit 11
Has a function of selecting the memory cell 14 for each row based on the address data received from the memory cell.

In this memory area 13, based on the selection of memory cells 14 for each row by the row decoder 12, the selection of the column selector 15 by the control unit 11, and the read / write instruction, the memory cells 14 , Sense amplifier 16 and write buffer 1
Data is read / written to / from data bus 3 via.

The data to be read / written is arbitrary. For example, basic data (eg, control values, control programs, etc.) for realizing the functions of the LSI device and the computer system besides ordinary files, etc. ). This kind of basic data affects the operation performance of the LSI device and the computer system, and is described by the unique technical knowledge (know-how) of the system developer. Therefore, only the CPU 1 can use it and is not output to the outside. It is desirable.

[0010]

However, in the memory device 10 described above, if the data to be read is the basic data for realizing the function, the data is not externally output in the normal operation, but is illegally read out. When output to the outside, the operation of the LSI device and the computer system is known to an unauthorized third party, and a similar product may be created by imitating or stealing the basic data.

The present invention has been made in view of the above circumstances, and has as its object to provide an encrypted memory device and an LSI device that can keep data secret even if an illegal read process is performed.

[0012]

SUMMARY OF THE INVENTION The gist of the present invention is a decoding means for storing encrypted data in a memory area and decoding data between the memory area and a data bus only during normal reading. Is to output the data to the data bus in a state where the data is not correctly decoded in the case of an illegal read process. As a result, the data can be kept confidential even if the unauthorized read processing is performed.

Here, it is not always necessary to encrypt all data in the memory area, and it is sufficient that at least only data that is not to be illegally read is encrypted. However, when reading unencrypted data, an instruction not to decrypt is required.

[0014] The decoding means may be provided for each block or for each bit, and may be provided at appropriate block intervals or bit intervals. Further, the decoding means may be provided for each memory, or one common means may be provided for a plurality of memories.

Now, based on the gist of the present invention, specifically, the following means are taken. The present invention has a memory area for holding encrypted data,
In the writing process, an encryption memory device capable of at least a reading process, and an LSI device or a computer system including the encryption memory device are targeted. The term “LSI device” used in the present invention is used as a general term for a semiconductor integrated circuit, and is generally defined by the degree of integration (1000
Semiconductor integrated circuit with more than 100,000 elements)
Is not limited to, for example, IC, SSI, MSI, LS
I (ordinary definition), VLSI, ULSI or MPU. Further, the encryption memory device may be either a ROM or a RAM.

Here, when the decryption key is transmitted prior to the reading process, the encrypted memory device reads the encrypted data from the memory area and the security control means for holding the decrypting key. And decrypting means for decrypting the encrypted data based on the decryption key held in the security control means and outputting the obtained decryption result.

[0017] With this, at the time of normal read processing, the security control means holds the decryption key sent prior to the read processing, and the decryption means reads the encrypted data from the memory area. At this time, the encrypted data is decrypted based on the decryption key stored in the security control means, and the obtained decryption result is output.
On the other hand, in the case of an illegal reading process, such decoding is not performed, and the data content is output in an undecided state. Therefore, the data can be kept confidential even if the unauthorized reading process is performed.

The security control means includes: an address decoder for transmitting an activation signal based on designation of a decryption address having a value different from the address of the encrypted data; and an activation signal from the address decoder. And a latch circuit that receives the decryption key when received.

Further, the decryption means extracts the encrypted data to be read from the memory area, inverts the bits, and sends the obtained inverted read data to the inverter, and the security control section holds the inverted data. A selector for selectively outputting, based on a decryption key, encrypted data read from the memory area or inverted read data sent from the inverter.

In this case, since the decryption means outputs the encrypted data or the inverted read data by the selector, the decryption can be performed at a high speed. Further, in the case of an LSI device or a computer system provided with the above-mentioned encryption memory device, a read control means for sending out the decryption key and then reading out the encrypted data may be provided.

Further, the read control means and the decryption means are connected to each other via a bus, and the security control means and the decryption section are provided in the encryption memory device instead of in the encryption memory device. It may be located outside the device and between the bus and the memory area.

In this case, the security control means and the decryption unit may be arranged between a plurality of encrypted memory devices and the bus, and may be shared by each of the encrypted memory devices. Thus, since the security control means and the decryption unit can be formed on the LSI chip in a small installation space, the size of the LSI device can be reduced.

[0023]

Embodiments of the present invention will be described below with reference to the drawings. (First Embodiment) FIG. 1 is a schematic diagram showing a configuration of a main part of an LSI device according to a first embodiment of the present invention, and FIG. 2 specifically shows a configuration of an encryption memory device in FIG. In the schematic diagram shown, the same parts as those in FIGS. 11 and 12 described above are denoted by the same reference numerals, and detailed description thereof will be omitted. Here, different parts will be mainly described. Also, in each embodiment, as described above, an LSI device is described as a representative example, but description of a computer system is also included. In the following embodiments, the same description will not be repeated.

That is, in the present embodiment, data is concealed even against an unauthorized read process. Specifically, the function of the memory device 10 and the function of the encrypted An encryption memory device 10x having a decryption function for decrypting data is provided.

More specifically, in the encrypted memory device 10x, the encrypted encrypted data is held in the memory area 13 and the normal read processing is performed between the memory area 13 and each of the buses 2 to 4. A security control unit 20 in which a decryption key is latched in advance, and a decryption unit for decrypting the encrypted data in the memory area 13 based on the latched decryption key and transmitting the data to the data bus 3 during a normal read process. 3
0.

Accordingly, in addition to the above-described functions, the CPU 1x executes the memory area 1 based on the built-in decryption key.
3 is provided with an encryption function for encrypting data to be written in advance, and a decryption control function for controlling the security control unit 20 and the decryption unit 30 by a read program described later. As the decryption key, a pseudo random number generated by a random number generation device in the CPU 1x or a random number obtained from a random number table may be used. Further, the decryption key may be changed for each writing / reading, or may be changed a plurality of times during one reading based on the designation of the address range.

Here, the security control unit 20
As shown in FIG. 3, and includes an address decoder 21 and the latch circuit 22 _m through 22 _0.

The address decoder 21 is connected to the address bus 2
When the address data of the security control unit 20 is received from the control bus 4 and the write command WR is received from the control bus 4, the activation signal AO (address output) is supplied to each of the latch circuits 22 _{m to} 22 _m provided electrically in parallel with each other. _It has the function of outputting to ₀ .

[0029] Each latch circuit 22 _m through 22 ₀ is activated by the activation signal AO from the address decoder 21, the decoding key K _m ~K ₀ decoder 30 holds on the data bus 3
A function of providing the respective bit conversion unit 31 _m to 31 ₀ of, CP
It has a function of being reset by a reset signal “0” from U1x and ending the holding of the decryption keys K _{m to} K ₀ .

More specifically, each of the latch circuits 22 _{m to} 22 _m
0 includes an input inverter (clock inverter circuit) 23 _m ~ 23 ₀ and latching inverter 24 _m to 24 ₀ interposed between each extending from the data bus 3 to each bit conversion unit 31 _m to 31 ₀ in the decoding section 30 of the series circuit and, NAN latch that is connected in antiparallel latching inverter 24 _m to 24 ₀
And a D circuit 25 _m to 25 _0. Each element 23
The subscripts of m to 0 in the order of 25 to 25 indicate the respective columns m to 0
, And indicate that they belong to the same circuit 22.

Note that the reset signal is not limited to the CPU 1x, but may be input by the operator to operate the latch NAND circuit 25.
It may be input to the _m to 25 _0, or may be omitted since there is a requirement that is introduced from the viewpoint of reliability of operation. The latch circuit 22 _m through 22 ₀ The illustrated is an example, if a circuit capable of holding the decryption key K _m ~K ₀ on the data bus 3 may be changed to any configuration.

On the other hand, the decoding unit 30 on the basis of the decryption key K _m ~K ₀ received from the latch circuit 22 _m through 22 ₀ security control unit 20, the read data D _m to D ₀ or read from the memory area 13 Inverted read data Dr _m
0Dr ₀ to the data bus 3.

More specifically, the decoding unit 30 includes a bit conversion unit
31_m~ 31₀And output buffer 34 _m~ 34₀Has
You. Note that each bit conversion unit 31_m~ 31₀Are identical to each other
Therefore, here, the bit conversion unit 31_mUsing the example
You.

The bit conversion section 31 _m sends out the read data D _m from the memory area 13 or its inverted read data Dr _m to the output buffer 34 _m based on the decryption key K _m received from the security control section 20. Yes,
Specifically, as shown in FIG. 4, an inverter 32 _m and a selector 33 _m are provided.

The inverter 32 _m has a function of extracting the read data D _m from the memory area 13 and inputting the inverted read data Dr _m to the selector 33 _m .

[0036] The selector 33 _m, based on the decryption key K _m received from the latch circuit 22 _m, the read data D _m from the memory area 13, or anti Tendoku sends data Dr _m to the output buffer 34 _m out from the inverter 32 _m Has the ability to

The output buffer 34 _m to 34C ₀ has the read data D _m or counterclockwise Tendoku out data Dr _m received from the bit conversion unit 31 _m to 31 ₀ a function of transmitting the buffered amplified to the data bus 3.

The decoding unit 30 may be provided for each block or each bit in the memory area 13, and may be provided at appropriate block intervals or bit intervals. Further, the decryption unit 30 is provided for each encrypted memory device 1
It may be provided for every 0x, or one shared memory may be provided for each of the plurality of encrypted memory devices 10x.

Next, the operation of the LSI device configured as described above will be described in the order of writing and reading (FIG. 5) with reference to the flowchart of FIG. (Writing) The CPU 1x encrypts data based on a built-in decryption key. Subsequently, the CPU 1x specifies the address of the memory area 13 and writes the encrypted data into the memory area 13. Thus, the writing process is completed.

(At the time of reading) The CPU 1x controls the security control unit 20 and the decryption unit 30 as follows according to the built-in reading program (ST1 to ST4, ST7 in FIG. 5), and The encrypted data is read.

The CPU 1x sends a reset signal to the security control section 20, and the latch circuits 22 _m to 2m
To reset the 2 ₀ (ST1).

Subsequently, the CPU 1x designates the address of the security control unit 20, and activates the activation signal AO =
Activated to 1, to activate the latch circuit 22 _m ~22 ₀ (ST2).

Next, the CPU 1x operates the built-in decryption key K
_{m to} K ₀ are sent to the data bus 3. This decryption key K _m ~
K ₀ is taken from the data bus 3 to the latch circuit 22 _m through 22 _0. Latch circuit 22 _m through 22 ₀ provides the bit conversion unit 31 _m to 31 ₀ to hold the decryption key K _m ~K _0. In the bit converters 31 _{m to} 31 ₀ , the decryption keys K _{m to} K ₀
State of the selector 33 _m ~ 33 ₀ is set in accordance with (S
T3).

Next, CPU 1x designates an address of memory area 13 and reads data. This allows
Encrypted data is output from the memory cell 14 and is read out as bit data D _{m to} D _{0 by} the bit conversion unit 31 of the decryption unit 30.
is input to the _{m ~31 0} (ST4).

The bit conversion unit 31 _m to 31 _0, the read data D _m to D ₀ input with anti Tendoku out data D _m to D _0,
Input to the selector 33 _m ~33 ₀ (ST5).

[0046] (individual values up to i is M～0) selector ₃₃ i, when the decryption key _{K i} is "1" to receive from each of the latch circuits 22 _i outputs as a read data _{D i,} the decoding key K _i is at the "0", and outputs the anti-Tendoku out data Dr _i (ST6). When reading unencrypted data, the CPU 1x may use a pass key in which all values are “1” instead of the decryption key.

The output read data D _i or inverted read data Dr _i is output to the data bus 3 via the output buffer 34 _i , and normal processing can be performed.

[0048] Thereafter, CPU1x sends a reset signal to the security control unit 20 resets the latch circuit 22 _m ~22 ₀ (ST7), and ends the read process.

After completion of the reading process, the latch circuit 22
_m through 22 _0, all values become "0" or "1". If an improper reading process is performed in this state, the memory area 13
All of the encrypted data in the memory area 13 is converted and output as inverted read data, or all the encrypted data in the memory area 13 is output as it is.

In any case, the decryption process using the decryption key is not performed, and the encrypted data in the memory area 13 is output as it is or in a uniformly inverted state. The data can be kept secret from the three parties or their computers.

As described above, according to the present embodiment, the encrypted data is stored in the memory area 13, and the security control unit 20 and the decryption unit 30 decrypt the data only during normal reading. Output to bus 3. On the other hand, in the case of an illegal reading process, the data is output to the data bus 3 in an undecided state. Therefore, the basic data can be kept confidential even if the illegal reading process is performed.

As described above, by encrypting the data and storing it in the memory area 13, it is possible to prevent decryption by an unauthorized third party and protect the know-how and originality of the system developer. And similar products can be prevented from appearing.

[0053] The bit conversion unit 31 _m to 31 _0, when the selector 33 _m ~ 33 ₀ data passes, so configured to decode the data, can be performed very fast decoding operation. Also, when reading encrypted data, a decryption operation can be performed by setting a decryption key. When reading unencrypted data, a pass operation can be performed by setting a pass key. , The decryption operation and the passage operation can be selectively executed for each key data length unit (block).

A decryption key having a different value may be set for each block. In this case, the confidentiality of data can be further improved.

(Second Embodiment) FIG. 6 is a schematic diagram showing a configuration of a main part of an LSI device according to a second embodiment of the present invention. FIG. 7 shows a configuration of an encryption memory device in FIG. It is a schematic diagram specifically shown.

That is, the present embodiment is a modification of the encryption process before writing in the first embodiment, and specifically, the CPU 1y in which the encryption function is omitted from the CPU 1x.
In addition, a common key (the above-described decryption key) previously latched by the security control unit 20 at the time of normal writing processing is provided between the memory area 13 and each of the buses 2 to 4.
And an encryption unit 35 for encrypting the data on the data bus 3 based on the data and inputting the data to the memory area 13 from the input buffer.

Accordingly, in addition to the above-described functions other than the encryption function, the CPU 1 y operates the security control unit by a write program for encrypting data and writing the data into the memory area 13, contrary to the above-described read program. 2
0 and a function of controlling the encryption unit 35. Note that the writing program has the same contents as the above-described reading program, except that the direction of data flow from the data bus 3 to the memory area 13 and the “common key” in place of the name of the “decryption key”. It differs from using names. The common key is a key having the same value as the above-mentioned decryption key, but the name is set as a common key for use in both encryption and decryption.

Meanwhile, the encryption unit 35, based on the common key K _m ~K ₀ received from the latch circuit 22 _m through 22 ₀ security control unit 20, the data bus 3 write data taken from D _m to D ₀ or its inverted write data Dr _m
ＤDr ₀ to the memory area 13.

More specifically, the encryption unit 35 performs the above-described decryption.
Bit conversion unit 36 similar to signal unit 30 _m~ 36₀And input
Buffa 37_m~ 37₀It has.

The bit converters 36 _{m to} 36 ₀ convert the write data D _m fetched from the data bus 3 or its inverted write data Dr _m based on the common keys K _{m to} K ₀ received from the security controller 20. Input buffer 37 _{m to} 37
₀ , and includes an inverter and a selector (both not shown), like the decoding unit 30.

[0061] Inverter extracts the write data D _m from the data bus 3 has a function of inputting the anti Tendoku out data Dr _m to the selector.

[0062] The selector is based on a common key K _m ~K ₀ received from the latch circuit 22 _m through 22 _0, input write data D _m from the data bus 3, or inverted write data Dr _m from inverter buffer it has a function of sending out the 37 _m to 37 _0.

[0063] Input buffer 37 _m to 37 ₀ has the function of inputting into the memory area 13 the write data D _m or inverted write data Dr _m received from the bit conversion unit 36 _m ~ 36 ₀ to the buffer amplifier.

With the above configuration, the effects of the first embodiment can be obtained, and the load on the CPU can be reduced because the CPU 1y does not perform the encryption process before writing.

(Third Embodiment) Next, an LSI device according to a third embodiment of the present invention will be described with reference to FIGS. This embodiment is a modification of the first embodiment, and instead of the encrypted memory device 10x of the first embodiment being a readable / writable RAM, reading of the encrypted memory device 10x is performed. This is a dedicated ROM.

More specifically, in FIGS.
The configuration is such that the write line Lw connecting the data bus 3 with the data bus 3 is omitted. Also, with regard to the CPU 1x, the function of writing to the memory area 13 is omitted.

According to the above configuration, the same effects as those of the first embodiment can be obtained for the ROM.

(Fourth Embodiment) Next, an LSI device according to a fourth embodiment of the present invention will be described with reference to FIGS. This embodiment is a modification of each of the first to third embodiments, and includes a security processing unit 40 according to the present invention.
1 shows a form relating to the arrangement. Here, the security processing unit 40 collectively shows the units 20 and 30 (and 35) for convenience of description, and in the case of the modified example of the first or third embodiment, the security control unit 20 and It comprises a decryption unit 30, and in the case of a modification of the second embodiment, further includes an encryption unit 35, and the arrangement shown in FIGS. 8 to 10 below is possible.

FIG. 8 shows an encrypted memory device (RA) of each of the first to third embodiments which individually includes the security processing unit 40.
(M or ROM) 10x, 10y are provided, and each of these encrypted memory devices 10x, 10y is connected to each of the buses 2-4. FIG. 9 shows first to third
Memory device (RAM or ROM) of each embodiment
A plurality of encryption memory devices (RAM or ROM) 10z in which the security processing unit 40 is omitted from 10x and 10y are provided, and each of these encryption memory devices 10x and 10y is connected to each bus 2 through the security processing unit 40. 4 shows an arrangement connected to the apparatus.

FIG. 10 shows an arrangement in which the plurality of encrypted memory devices 10z shown in FIG. 9 are connected to the buses 2 to 4 via the common security processing unit 40.

That is, the security processing unit 40 according to the present invention, as shown in FIG.
A plurality of units may be arranged in parallel while being provided in x, 10y, or as shown in FIG.
0z may be arranged in parallel in a state of being out of position. Alternatively, as shown in FIG.
It may be shared in a state where it is outside from.

However, the security processing section 40 has a DMA
(Direct memory access) From the viewpoint of executing the encryption / decryption operation even at the time of data transfer not via the CPU as in the case of transfer, it is necessary to arrange between the memory area 13 and each of the buses 2 to 4.

As described above, according to the present embodiment, FIG.
10 to FIG. 10, the same operation and effects as those of the applied embodiment can be obtained among the first to third embodiments. In the case of the configuration shown in FIG.
By sharing the security processing unit 40, the security processing unit 40 can be mounted in an LSI chip (LS
I device), the size of the LSI device can be reduced.

The method described in each of the above embodiments is
As a program that can be executed by a computer, a magnetic disk (floppy (registered trademark) disk,
Hard disk, etc.), optical disk (CD-ROM, D
VD), a magneto-optical disk (MO), and a storage medium such as a semiconductor memory.

The present invention is not limited to the above embodiments, and can be variously modified at the stage of implementation without departing from the scope of the invention. In addition, the embodiments may be implemented in appropriate combinations as much as possible, in which case the combined effects can be obtained. Further, the above embodiments include inventions at various stages, and various inventions can be extracted by appropriate combinations of a plurality of disclosed configuration requirements. For example, when an invention is extracted by omitting some constituent elements from all constituent elements described in the embodiment, when implementing the extracted invention, the omitted part is appropriately supplemented by well-known conventional techniques. It is something to be done.

In addition, the present invention can be variously modified and implemented without departing from the gist thereof.

[0077]

As described above, according to the present invention, data can be kept confidential even if an illegal reading process is performed.

[Brief description of the drawings]

FIG. 1 is a schematic diagram illustrating a main configuration of an LSI device according to a first embodiment of the present invention;

FIG. 2 is a schematic diagram specifically showing a configuration of an encryption memory device according to the embodiment;

FIG. 3 is a circuit diagram showing a configuration of a security control unit according to the embodiment;

FIG. 4 is a circuit diagram showing a configuration of a bit conversion unit according to the embodiment.

FIG. 5 is a flowchart for explaining the operation in the embodiment;

FIG. 6 is a schematic diagram showing a main part configuration of an LSI device according to a second embodiment of the present invention;

FIG. 7 is a schematic diagram specifically showing a configuration of an encryption memory device according to the embodiment;

FIG. 8 is a schematic diagram showing a configuration of an LSI device according to a fourth embodiment of the present invention.

FIG. 9 is a schematic diagram showing a configuration of an LSI device according to the embodiment.

FIG. 10 is a schematic diagram showing the configuration of an LSI device according to the embodiment;

FIG. 11 is a schematic diagram showing a main part configuration of a conventional LSI device.

FIG. 12 is a schematic diagram specifically showing a configuration of a conventional memory device.

[Explanation of symbols]

1x, 1y CPU 2 Address bus 3 Data bus 4 Control bus 10x, 10y Encryption memory device 11 Control unit 12 Address decoder (row decoder) 13 Memory area 14 Memory cell 15 Column selector 16 ... sense amplifier 17 ... write buffer 20 ... security control unit 21 ... address decoder 22 _m through 22 ₀ ... latch circuit 23 _m ~ 23 ₀ ... input inverter 24 _m to 24 ₀ ... latching inverter 25 _m to 25 ₀ ... NAND latch Circuit 26 Activation inverter 30 Decryption unit 31 _{m to} 31 ₀ Bit conversion unit 32 _{m to} 32 ₀ Inverter 33 _{m to} 33 ₀ Selector 34 _{m to} 34 ₀ Output buffer 35 Encryption unit 36 _m 36 ₀ ... bit conversion unit 37 _m to 37 ₀ ... input buffer 40 ... Se Yuriti processing unit

Claims (6)

[Claims] An encrypted memory device having a memory area for holding encrypted data and capable of performing at least read processing among read / write processing, wherein a decryption key is transmitted prior to the read processing. Then, when the encrypted data is read out from the memory area, the security control means holding the decryption key decrypts the encrypted data based on the decryption key stored in the security control means. And an decryption means for outputting an obtained decryption result. An encrypted memory device comprising: 2. The encrypted memory device according to claim 1, wherein the security control means transmits an activation signal based on a designation of a decryption address having a value different from an address of the encrypted data. An encryption memory device, comprising: a decoder; and a latch circuit that, when receiving an activation signal from the address decoder, holds the transmitted decryption key. 3. The encrypted memory device according to claim 1, wherein said decryption means extracts encrypted data to be read from said memory area and inverts the bits to obtain the inverted data. An inverter for transmitting data, and a selector for selectively outputting encrypted data read from the memory area or inverted read data transmitted from the inverter, based on a decryption key held in the security control unit. And an encryption memory device comprising: 4. An LSI device provided with the encryption memory device according to claim 1, wherein the encryption key is transmitted and then the encrypted data is read. An LSI device comprising control means. 5. The LSI device according to claim 4, wherein the read control unit and the decryption unit are connected to each other via a bus, and the security control unit and the decryption unit
An LSI device arranged outside the encryption memory device and between the bus and the memory area instead of inside the encryption memory device. 6. The LSI device according to claim 5, wherein the security control unit and the decryption unit
Disposed between a plurality of encrypted memory devices and the bus;
An LSI device shared by each of the encryption memory devices.